Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PUW-a9vBKngUmzqZvp_KQ8VvPSk.roa
File:                     PUW-a9vBKngUmzqZvp_KQ8VvPSk.roa (raw, json)
Hash identifier:          l43iHU9W5h5wGB0MLM8H+P37SL9SDE1pVTjR3vSxPro=
Subject key identifier:   3D:45:BE:6B:DB:C1:2A:78:14:9B:3A:99:BE:9F:CA:43:C5:6F:3D:29
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01896A6A220671867025BCF5B0C7FD8742C2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PUW-a9vBKngUmzqZvp_KQ8VvPSk.roa
Signing time:             Tue 18 Jul 2023 19:11:27 +0000
ROA not before:           Tue 18 Jul 2023 19:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6a:6a:22:06:71:86:70:25:bc:f5:b0:c7:fd:87:42:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 18 19:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3d45be6bdbc12a78149b3a99be9fca43c56f3d29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a4:d1:44:7e:7f:58:26:75:07:83:3f:43:ff:
                    ee:ba:ae:a1:97:4e:ec:5a:53:cf:a2:a8:b9:f4:d8:
                    76:74:7b:40:2f:21:56:61:9b:06:2f:bb:7e:5e:07:
                    b8:aa:8e:12:ec:7a:e2:66:4e:ce:b5:4a:c6:c2:18:
                    3f:4b:cf:50:da:ba:11:95:05:0f:20:2b:b6:ab:3d:
                    8c:5f:ad:95:f9:ea:97:2b:96:03:c0:c9:f4:a0:a5:
                    8d:e2:51:6b:93:84:6c:f1:e4:ac:e4:1e:39:3b:20:
                    14:e3:f8:3f:55:f8:91:8d:1c:f6:4b:f4:7d:61:33:
                    e8:50:f8:61:3c:7e:44:54:21:bd:d3:c1:08:6a:92:
                    91:09:70:4f:6d:d2:8f:e1:af:98:08:d3:1b:ef:38:
                    10:d6:22:ea:5e:cd:a4:fa:70:55:22:90:9b:86:ab:
                    d5:bd:71:7a:36:27:86:a0:f0:fe:45:7e:b6:11:9e:
                    53:3d:0d:60:3a:2d:4d:7b:9d:f7:b3:e9:75:28:92:
                    44:5d:5f:16:ff:ed:90:e6:9c:32:85:d7:e6:3f:51:
                    2a:1f:e1:db:86:0e:d3:20:b6:41:d5:49:e4:bb:43:
                    97:b8:09:17:9c:35:62:87:25:71:f1:43:a9:f1:69:
                    f8:e5:a7:80:52:dd:d5:63:de:c3:56:e3:11:1d:29:
                    38:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:45:BE:6B:DB:C1:2A:78:14:9B:3A:99:BE:9F:CA:43:C5:6F:3D:29
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PUW-a9vBKngUmzqZvp_KQ8VvPSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:fc:ce:5d:f6:94:6b:5f:82:23:5d:d3:79:2a:26:48:0b:7c:
         72:c0:7a:1b:8e:65:ac:a4:57:56:40:20:4f:4d:cd:eb:81:84:
         d0:c6:2e:91:dd:91:e9:b0:f9:b6:fc:2d:39:f7:27:cb:6f:4b:
         e4:10:2f:81:08:0f:05:d5:4a:0c:fe:8f:a5:31:f2:ad:e2:88:
         0b:38:c5:9a:b4:dd:8a:77:a7:08:1a:01:f9:53:00:c8:ca:ef:
         da:50:75:0b:06:65:71:52:b9:26:6c:59:50:43:f2:d6:4f:dd:
         9d:5b:0b:b8:11:98:2f:62:e7:1c:60:88:30:29:32:8f:05:96:
         ff:51:b1:75:db:28:2f:fc:6d:40:c7:7e:86:e5:7b:c5:70:70:
         2b:7b:65:89:8b:35:29:62:eb:f8:cb:af:b3:d4:08:84:62:ac:
         a1:44:2d:e8:85:b6:11:36:5f:10:63:e6:8d:40:1d:96:cc:ed:
         da:3d:90:27:47:6e:b9:3f:d9:3e:92:9c:f2:ed:ce:9d:d7:ce:
         81:a1:5a:6c:48:d1:40:a3:4c:8d:76:bc:dd:8f:ab:9b:1b:3c:
         2c:7e:e3:90:26:5c:41:ab:c9:b6:02:8b:69:c0:cb:ee:0c:2c:
         7a:21:56:d0:4d:cd:d8:f4:51:30:07:3a:91:c2:9a:28:a0:29:
         08:3b:33:c7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlqaiIGcYZwJbz1sMf9h0LCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE4MTkxMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDQ1YmU2YmRiYzEyYTc4MTQ5YjNhOTliZTlmY2E0M2M1NmYzZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6TRRH5/WCZ1B4M/Q//uuq6hl07s
WlPPoqi59Nh2dHtALyFWYZsGL7t+Xge4qo4S7HriZk7OtUrGwhg/S89Q2roRlQUP
ICu2qz2MX62V+eqXK5YDwMn0oKWN4lFrk4Rs8eSs5B45OyAU4/g/VfiRjRz2S/R9
YTPoUPhhPH5EVCG908EIapKRCXBPbdKP4a+YCNMb7zgQ1iLqXs2k+nBVIpCbhqvV
vXF6NieGoPD+RX62EZ5TPQ1gOi1Ne533s+l1KJJEXV8W/+2Q5pwyhdfmP1EqH+Hb
hg7TILZB1Unku0OXuAkXnDVihyVx8UOp8Wn45aeAUt3VY97DVuMRHSk4CwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD1FvmvbwSp4FJs6mb6fykPFbz0pMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUFVXLWE5dkJLbmdVbXpxWnZwX0tROFZ2UFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACv8zl32lGtfgiNd03kq
JkgLfHLAehuOZaykV1ZAIE9NzeuBhNDGLpHdkemw+bb8LTn3J8tvS+QQL4EIDwXV
Sgz+j6Ux8q3iiAs4xZq03Yp3pwgaAflTAMjK79pQdQsGZXFSuSZsWVBD8tZP3Z1b
C7gRmC9i5xxgiDApMo8Flv9RsXXbKC/8bUDHfoble8VwcCt7ZYmLNSli6/jLr7PU
CIRirKFELeiFthE2XxBj5o1AHZbM7do9kCdHbrk/2T6SnPLtzp3XzoGhWmxI0UCj
TI12vN2Pq5sbPCx+45AmXEGrybYCi2nAy+4MLHohVtBNzdj0UTAHOpHCmiigKQg7
M8c=
-----END CERTIFICATE-----